<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
    <h3>Lab 4 - User Controls Issues</h3>
    <ul>
        <li><a href="/Lab4/">Lab 4</a></li>
    </ul>
    <h3>Lab 5 - Authentication Issues</h3>
    <ul>
        <li><a href="Lab5/badpassword.html">Bad Passwords</a></li>
        <li><a href="Lab5/noisymessages.html">Noisy System</a></li>
        <li><a href="Lab5/changepassword.html">Change Passwords</a></li>
        <li><a href="Lab5/rememberme1.html">Remember Me v1</a></li>
        <li><a href="Lab5/rememberme2.html">Remember Me v2</a></li>
        <li><a href="Lab5/incompletevalidation.html">Incomplete Validation</a></li>
        <li><a href="Lab5/failopen.html">Fail Open</a></li>
        <li><a href="Lab5/multi1.html">Multi Stage Login</a></li>        
    </ul>
    In addition, download <a href="https://code.google.com/p/webgoat/downloads/list">WebGoat</a> and do lessons under "Authentication Flaws"<br/>
    Remember to login to the app, start the webgoat.bat file (assuming running Windows) and goto http://localhost/WebGoat/attack . Use the following credentials guest:guest
    
    <h3>Lab 6 - Session Management Issues</h3>
    <ul>
        <li><a href="Lab6/weaktoken1.html">Weak Token v1</a></li>
        <li><a href="Lab6/weaktoken2.html">Weak Token v2</a></li>
        <li><a href="Lab6/timetoken.html">Time Token</a></li>
        <li><a href="Lab6/weakrandom.html">Weak Session Token Generation</a></li>
    </ul>

    <h3>Lab 7 - Access Control Issues</h3>
    <ul>
        <li><a href="Lab7/unprotected">Unprotected Pages</a></li>
        <li><a href="Lab7/indentifier">Indentifiers</a></li>
        <li><a href="Lab7/staticfiles">Static Files</a></li>
        <li><a href="Lab7/parameter">Parameter</a></li>
    </ul>
</body>
</html>